The USG appears to have a number of VPN options including OpenVPN so I would not expect any problem doing that. The only issue might be the DynDNS setup and whether you can use an FQDN rather than an IP as the server but it seems unlikely that would not be allowed. Steve

Yup. You should set a source IP (and an alias of IPs) to allow access from. Use a dyndns client if you don't know where you will be connecting from. Steve

We don't include all of the necessary components for at to fully function out of the box. The binaries are there, but notably the cron job is not present. I can't remember what else might be missing, though. You could install the Cron package and then add an entry for this: */5 * * * * root /usr/libexec/atrun

Yep, making the change to StartTLS just required the 16/11 trick and it's up and running. Thanks for the hand!

@Gertjan thanks for help

i changed my amazon smile donations to the freebsd foundation

Just running a lot of VM's on small disk/SSD space, not worth too much effort. Thanks for the input.

Yes it can, that's a very common configuration. You should run the current version, 2.4.4p3, unless you have a very good reason not to. That should not cause a problem with this though. Steve

Wanting to use all of rfc1918 space because its available is not a good reason ;) for example.. I would really like to understand how you came to use /19 - is that your favorite number or something?

That's true for anything written in script for compiled code you need to check the source. Steve

@stephenw10 I will have to wait for this tuesday coming to go on site in order to test.

Ok, if you only have a firewall rule with the OpenVPN gateway set it will force all traffic out that way which will break connectivity to the LAN. Add a rule on the new interface above any rules with a gateway set to pass ping traffic to the LAN. Otherwise check the firewall logs. Check the state table while you're pinging. Steve

You can also provide the timezone to DHCP clients, my Linksys switch (LGS318) uses it. Just add these 2 DHCP options to your DHCP server : option 100 : "CET-1CET-2,M3.5.0,M10.5.0/3" option 101 : "Europe/Paris"

Unfortunately no but the problem disappeared. Maybe it was something else I don't know.

You removed the gateway from LAN. That's a big change to the system. Without that gateway the WAN is probably the only gateway and therefore the default. With a gateway on the LAN the 'automatic' default gateway option probably set LAN as default and hence it failed. Go to Sys > Routing > Gateways and make sure the WANGW is set as the default v4 gateway. Also you're running 2.4.4-rel and the latest version in 2.4.4p3, you should upgrade. That would not change this though. Steve

pfSense uses the dpinger daemon to monitor connection quality. It pings something on the WAN twice a second, by default it uses the gateway IP as that;s what it always has but you can set any IP. It's almost always better to use an external IP as that then actually monitors internet connectivity as opposed to just to the ISP. https://docs.netgate.com/pfsense/en/latest/monitoring/using-an-alternate-monitor-ip-address-for-gateway-monitoring.html What you are describing though starts to sound like a possible modem issue. What is the modem they have there? Steve

@mikeisfly said in Notification when a connection is established: or a packet capture. Check a build-up of of such a packet. You will have your router's MAC (= pfSense), the cameras MAC, the cameras's LAN IP and the IP (WAN IP) of the visitor. Not the payload, as it is all TLS these days (well, the camera should send over TLS, other scrap it). At most, you could see who - from the outside world - visited your device. If it isn't recording, as you can check using the same access time, then you will not know what they saw. Btw : One of world's most famous and most used free programs, fail2ban, can do what you want right out of the box.Comparable programs exists. Btw : my DVR's - see above - logs user access by login code ... everything is already there.

There are only 100 packets there, it's all outbound from 100.92.220.245 and none of it is DHCP. But you should start your own thread. Unless this turns out to be identical it's only going to confuse things here. Steve

Nice. Let us know if you are able to connect, that would definitely need looking at if so. The generated ruleset on the secondary looks good here though. Steve

The best way is to remove the SWAP partition at install time. If re-installing is an option for you.